X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=userdir_ldap.py;h=babfce0dea6c1b23425f60348bb3352ced63d8e0;hb=4f92f011a785b43dce5d36a84e3344a1e2615b17;hp=539dbaef3c21c24a4fb9e4a9d4763802897c119d;hpb=fb2a20c640baae70d3977c0a1b66c9d81be206dd;p=mirror%2Fuserdir-ldap.git diff --git a/userdir_ldap.py b/userdir_ldap.py index 539dbae..babfce0 100644 --- a/userdir_ldap.py +++ b/userdir_ldap.py @@ -1,6 +1,7 @@ # Copyright (c) 1999-2000 Jason Gunthorpe # Copyright (c) 2001-2003 Ryan Murray # Copyright (c) 2004-2005 Joey Schulze +# Copyright (c) 2008 Peter Palfrader # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by @@ -17,8 +18,10 @@ # Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. # Some routines and configuration that are used by the ldap progams -import termios, re, imp, ldap, sys, crypt, rfc822; +import termios, re, imp, ldap, sys, crypt, rfc822, pwd, os; import userdir_gpg +import hmac +import sha as sha1_module try: File = open("/etc/userdir-ldap/userdir-ldap.conf"); @@ -40,10 +43,12 @@ TemplatesDir = ConfModule.templatesdir; PassDir = ConfModule.passdir; Ech_ErrorLog = ConfModule.ech_errorlog; Ech_MainLog = ConfModule.ech_mainlog; +HostDomain = getattr(ConfModule, "hostdomain", EmailAppend) -# For backwards compatibility, we default to the old behaviour -MultipleSSHFiles = getattr(ConfModule, 'multiplesshfiles', False) -SingleSSHFile = getattr(ConfModule, 'singlesshfile', True) +try: + UseSSL = ConfModule.usessl; +except AttributeError: + UseSSL = False; # Break up the keyring list userdir_gpg.SetKeyrings(ConfModule.keyrings.split(":")) @@ -102,6 +107,16 @@ def PrettyShow(DnRecord): Result = Result + "%s: %s\n" % (x,i); return Result[:-1]; +def connectLDAP(server = None): + if server == None: + global LDAPServer + server = LDAPServer + l = ldap.open(server); + global UseSSL + if UseSSL: + l.start_tls_s(); + return l; + # Function to prompt for a password def getpass(prompt = "Password: "): import termios, sys; @@ -124,7 +139,7 @@ def getpass(prompt = "Password: "): print; return passwd; -def passwdAccessLDAP(LDAPServer, BaseDn, AdminUser): +def passwdAccessLDAP(BaseDn, AdminUser): """ Ask for the AdminUser's password and connect to the LDAP server. Returns the connection handle. @@ -136,7 +151,7 @@ def passwdAccessLDAP(LDAPServer, BaseDn, AdminUser): if len(Password) == 0: sys.exit(0) - l = ldap.open(LDAPServer); + l = connectLDAP() UserDn = "uid=" + AdminUser + "," + BaseDn; # Connect to the ldap server @@ -306,7 +321,7 @@ def FormatPGPKey(Str): if (len(Str) == 32): I = 0; while (I < len(Str)): - if I+2 == 32/2: + if I == 32/2: Res = "%s %s%s "%(Res,Str[I],Str[I+1]); else: Res = "%s%s%s "%(Res,Str[I],Str[I+1]); @@ -315,7 +330,7 @@ def FormatPGPKey(Str): # OpenPGP Print I = 0; while (I < len(Str)): - if I+4 == 40/2: + if I == 40/2: Res = "%s %s%s%s%s "%(Res,Str[I],Str[I+1],Str[I+2],Str[I+3]); else: Res = "%s%s%s%s%s "%(Res,Str[I],Str[I+1],Str[I+2],Str[I+3]); @@ -435,3 +450,12 @@ def Group2GID(l, name): return int(GetAttr(res[0], "gidNumber")) return -1 + +def make_hmac(str): + File = open(PassDir+"/key-hmac-"+pwd.getpwuid(os.getuid())[0],"r"); + HmacKey = File.readline().strip() + File.close(); + return hmac.new(HmacKey, str, sha1_module).hexdigest() + +def make_passwd_hmac(status, purpose, uid, uuid, hosts, cryptedpass): + return make_hmac(':'.join([status, purpose, uid, uuid, hosts, cryptedpass]))